Add cap_net_raw to bluetoothd

- bluetoothd uses HCI socket, and it requires cap_net_raw for non-root.

Change-Id: Ie0ef916fc502e8beaa41f5beb17ceee8889e0d7a

diff --git a/config/set_capability b/config/set_capability
index 9a0dba0f1398ebeb23a1d95855c7245eff5255a5..2635689aa1bad0367f0bc4511f5b40e181e970e6 100755 (executable)
--- a/config/set_capability
+++ b/config/set_capability
@@ -570,9 +570,10 @@ fi
 # cap_dac_override     to access bridge device
 # cap_net_admin                to use network-related operations
 # cap_net_bind_service to call bind
+# cap_net_raw          to use HCI socket
 
 if [ -e "/usr/libexec/bluetooth/bluetoothd" ]
-then /usr/sbin/setcap cap_net_admin,cap_net_bind_service,cap_dac_override=ei /usr/libexec/bluetooth/bluetoothd
+then /usr/sbin/setcap cap_net_admin,cap_net_bind_service,cap_net_raw,cap_dac_override=ei /usr/libexec/bluetooth/bluetoothd
 fi
 
 # Package               platform/core/system/dlog

diff --git a/test/capability_test/new_capabilities_exception.list b/test/capability_test/new_capabilities_exception.list
index 214592c4cb46c1279a5d92cb193ca759d927e6ba..58bd633ca7b474263818fb5a73286ddf1fe8597d 100755 (executable)
--- a/test/capability_test/new_capabilities_exception.list
+++ b/test/capability_test/new_capabilities_exception.list
@@ -54,7 +54,7 @@
 /usr/bin/connman-vpnd = cap_dac_override,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/charon = cap_setgid,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/dlog_logger = cap_syslog+ei
-/usr/libexec/bluetooth/bluetoothd = cap_dac_override,cap_net_bind_service,cap_net_admin+ei
+/usr/libexec/bluetooth/bluetoothd = cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw+ei
 /usr/bin/cat = cap_sys_ptrace+ei
 /usr/bin/krate-mount = cap_sys_admin+ei
 /usr/bin/inm-manager = cap_net_admin,cap_net_raw+ei